While frontier AI is advancing rapidly, its systemic cybersecurity implications and long-term risks remain insufficiently analyzed, and actionable governance pathways are lacking. Method: We propose the first cybersecurity marginal-risk taxonomy for frontier AI, rigorously analyzing the short-term “offense-easy, defense-hard” dynamic through three dimensions—equivalence classes, offense-defense asymmetry, and economic effects—and develop a full-lifecycle framework integrating qualitative/quantitative risk analysis, adversarial risk modeling, security economics, and hybrid-system safety design. Contribution/Results: We introduce novel governance mechanisms—including fine-grained benchmarking, provably secure defenses, and AI-agent resilience architectures—and deliver seven implementable practice recommendations alongside a long-term research agenda, providing systematic foundations for policymaking, AI system development, and defensive technology advancement.

As frontier AI advances rapidly, understanding its impact on cybersecurity and inherent risks is essential to ensuring safe AI evolution (e.g., guiding risk mitigation and informing policymakers). While some studies review AI applications in cybersecurity, none of them comprehensively discuss AI's future impacts or provide concrete recommendations for navigating its safe and secure usage. This paper presents an in-depth analysis of frontier AI's impact on cybersecurity and establishes a systematic framework for risk assessment and mitigation. To this end, we first define and categorize the marginal risks of frontier AI in cybersecurity and then systemically analyze the current and future impacts of frontier AI in cybersecurity, qualitatively and quantitatively. We also discuss why frontier AI likely benefits attackers more than defenders in the short term from equivalence classes, asymmetry, and economic impact. Next, we explore frontier AI's impact on future software system development, including enabling complex hybrid systems while introducing new risks. Based on our findings, we provide security recommendations, including constructing fine-grained benchmarks for risk assessment, designing AI agents for defenses, building security mechanisms and provable defenses for hybrid systems, enhancing pre-deployment security testing and transparency, and strengthening defenses for users. Finally, we present long-term research questions essential for understanding AI's future impacts and unleashing its defensive capabilities.